Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
react-native-bjy-aliyun-oss
Advanced tools
This document mainly describes how to install and use the OSS React Native SDK. This document assumes that you have already activated the Alibaba Cloud OSS service and created an AccessKeyID and an AccessKeySecret. In the document, ID refers to the AccessKeyID and KEY indicates the AccessKeySecret. If you have not yet activated or do not know about the OSS service, log on to the OSS Product Homepage for more help.
NOTE: THIS PACKAGE IS NOW BUILT FOR REACT NATIVE 0.40 OR GREATER
npm install aliyun-oss-react-native --save
yarn install aliyun-oss-react-native --save
run react-native link
in the react native project
react-native link aliyun-oss-react-native
Note
:for suppport IPv6-Only networkd,you need to require :
1. libresolv.tbd
2. CoreTelephony.framework
3. SystemConfiguration.framework
pod 'aliyun-oss-react-native', :path => '../node_modules/aliyun-oss-react-native'
Add Files to <...>
Go to node_modules
➜ aliyun-oss-react-native
➜ ios
➜ select RNAliyunOSS.xcodeproj
libRNAliyunOSS.a
to Build Phases -> Link Binary With Libraries
Frameworks
➜ Add Files to [your project's name]
. Go to node_modules
➜ aliyun-oss-react-native
➜ AliyunSDK
. Add AliyunOSSiOS.framework
, and select Copy items if needed in the pop-up box.android/settings.gradle
:include ':react-native-react-sdk'
project(':react-native-react-sdk').projectDir = new File(rootProject.projectDir, '../node_modules/aliyun-oss-rn-sdk/android')
android/app/build.gradle
:dependencies {
compile project(':aliyun-oss-react-native')
}
AndroidManifest.xml
: <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.CAMERA" />
MainApplication.java
:import com.reactlibrary.RNAliyunOssPackage;
public class MainApplication extends Application implements ReactApplication {
@Override
protected List<ReactPackage> getPackages() {
return Arrays.<ReactPackage>asList(
new MainReactPackage(),
new RNAliyunOssPackage()
);
}
}
Now ,all the API returns Promise Object exception init OSS Client API and enableDevMode API,so you can use ES6 async await
or
promise().then(/**/).catch(/**/)
,we take asyncUpload interface as an example.
import AliyunOSS from 'aliyun-oss-react-native'
AliyunOSS.enableDevMode();
const configuration = {
maxRetryCount: 3,
timeoutIntervalForRequest: 30,
timeoutIntervalForResource: 24 * 60 * 60
};
const endpoint = "xxxx.aliyuncs.com"
AliyunOSS.initWithServerSTS("/***http://ip:port/****/",endPoint, configuration)
Note:We provide auth server with node shell in Script folder,you can run command link this.
npm istall
<!-- note:filepath must start with file:/// -->
AliyunOSS.asyncUpload(bucketname, objectkey, filePath).then( (res) => {
<!-- you can see the log with React Native debugg tools or XCode 、Android studio console -->
console.log(res)
}).catch((error)=>{
console.log(error)
})
<!-- addEventlistener uploadPross-->
const downloadProgress = p => console.log(p.currentSize / p.totalSize);
AliyuOSS.addEventListener('uploadProgress', downloadProgress);
This section describes the APIs that are currently implemented and partially supported by the React Native SDK. These APIs mainly cover log management, bucket management, object management, authorization, file upload, and download. Follow-up to improve the relevant API and BUG repair. API list is as follows
API | Android | iOS |
---|---|---|
enableDevMode | Y | Y |
initWithPlainTextAccessKey | Y | Y |
initWithSigner | Y | Y |
initWithSecurityToken | Y | Y |
initWithServerSTS | Y | Y |
asyncUpload | Y | Y |
initMultipartUpload | Y | Y |
multipartUpload | Y | Y |
listParts | Y | Y |
abortMultipartUpload | Y | Y |
asyncDownload | Y | Y |
asyncCreateBucket | Y | Y |
asyncGetBucketACL | Y | Y |
asyncListBuckets | Y | Y |
asyncDeleteBucket | Y | Y |
asyncHeadObject | Y | Y |
asyncListObjects | Y | Y |
doesObjectExist | Y | Y |
doesObjectExist | Y | Y |
asyncDeleteObject | Y | Y |
open dev log,please refer to the code
AliyunOSS.enableDevMode()
init auth client with accessKeyId and accessKeySecret,please refer to the code.you can use ,but we do not suggest use it。
const endPoint = "XXX"
const configuration = {
maxRetryCount: 3,
timeoutIntervalForRequest: 30,
timeoutIntervalForResource: 24 * 60 * 60
};
AliyunOSS.initWithPlainTextAccessKey(accessKey, secretKey, endPoint, configuration);
init auth client the sign
AliyunOSS.initWithSigner(signature, accessKey, endPoint, configuration);
init client with SecurityToken
AliyunOSS.initWithSecurityToken(SecurityToken, accessKeyId, accessKeySecret, endPoint, configuration);
### initWithServerSTS
init auth client with local auth server
```javascript
AliyunOSS.initWithServerSTS(/*local auth server*/, endPoint, configuration);
AliyunOSS.asyncUpload(bucketname, objectKey, filepath).then().catch()
AliyunOSS.initMultipartUpload(bucketname,objectkey).then((e) => {
//e is uploadId
console.log(e)
}).catch((error) => {
console.log(error)
})
//uploadId is the value When call initMultipartUpload ,success callback return
AliyunOSS.multipartUpload(multipartBucket,mulitipartObjectKey,uploadId,filepath).then((res)=>{
Alert.alert("success");
}).catch((e) => {
Alert.alert("fail");
})
AliyunOSS.listParts(multipartBucket,multipartObjectKey,upoadId).then((e)=>{
Alert.alert("onListParts"+e)
}).catch((e)=>{
Alert.alert("onListPartsError")
})
AliyunOSS.abortMultipartUpload(multipartBucket,multipartBucket,uploadId).then((e)=>{
Alert.alert("abort success");
}).catch((e)=>{
Alert.alert("abort fali");
})
// xxx is the image process option
AliyunOSS.asyncDownload(bucketname,objectkey,{"x-oss-process":'xxxx'}).then((e) => {
console.log(e)
}).catch((e)=>{
console.log(e)
})
AliyunOSS.asyncCreateBucket('tyluoluo','private','oss-cn-zhangjiakou').then((e) => {
console.log(e)
}).catch((e)=>{
console.log(e)
})
AliyunOSS.asyncGetBucketACL('luozhang002').then((e) => {
console.log(e)
}).catch((e)=>{
console.log(e)
})
AliyunOSS.asyncListBuckets().then((e) => {
console.log(e)
}).catch((e) => {
console.log(e)
})
AliyunOSS.asyncDeleteBucket("tyluoluo").then((e) => {
console.log(e)
}).catch((e) => {
console.log(e)
})
AliyunOSS.asyncHeadObject('luozhang002','yanxing').then((e)=>{
console.log(e)
}).catch((e)=> {
console.log(e)
})
list objects in some conditions
parameters:
prefix
keymarker
, including marker
key100
, limit to 1000
AliyunOSS.asyncListObjects('luozhang002', {
prefix:'xxxx'
}).then((e)=>{
console.log(e)
}).catch((e)=>{
console.log(e)
})
AliyunOSS.doesObjectExist('luozhang001','xx.png').then( (e) => {
console.log(e)
}).catch((e) => {
console.log(e)
})
AliyunOSS.asyncCopyObject('luozhang001',"2.png","luozhang002","sbsbsb").then( (e) => {
console.log(e)
}).catch((e)=>{
console.log("xxxx")
console.log(e)
})
AliyunOSS.asyncDeleteObject('luozhang001','2.png').then((e)=>{
Alert.alert(e)
}).catch((e)=>{
console.log(e)
})
In the repository, we prodive RN SDK DEMO in the Example folder including andriod and ios,Example/android
provide the android demo;Example/iOS
provide the ios demo.Welcome to join us, how to run the Example ?
1. git clone https://github.com/aliyun/aliyun-oss-react-native.git
2. cd Example
3. npm install
1. cd script/sts-app-server-node
2. node index.js
Now, React Native SDK is in the initial stage. When the developers use React Native API, any problem can be raised to the official warehouse for issue or PR. We will deal with it in time. Wecome much more developers to join us to serve customers and developers that who use aliyun storage services To better serve customers and developers who use aliyun storage services.You can refer to the following documentation.
in the future, Continuously optimizing code documentation、add interfaces 、fix bugs, etc.
enhancement
FAQs
React Native SDK for aliyun object storage service
The npm package react-native-bjy-aliyun-oss receives a total of 1 weekly downloads. As such, react-native-bjy-aliyun-oss popularity was classified as not popular.
We found that react-native-bjy-aliyun-oss demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.